> make sure you use ntop 3.2: this should be enough.

Hi Luca, I am using ntop 3.2.
As far as I can tell Ntop does not support all of the metrics that nProbe_v4 is able to report on when operated in v9 mode. For example, if I include %NW_LATENCY_USEC in the flow template I find that Ntop will categorize the flow data as using an "Unknown Template" and discard it.

Are the metrics that Ntop 3.2 can accept documented anywhere? I haven't been able to locate any literature on the subject and have been using trial and error to refine a flow template definition that will work well with Ntop.

The current nProbe config I'm testing doesn't seem to be causing any discards. Here's what it looks like:

    ./nprobe -G -n127.0.0.1:2056 -i eth1 -T "%IN_BYTES %IN_PKTS %FLOWS %PROTOCOL %SRC_TOS %TCP_FLAGS %IPV4_SRC_ADDR %SRC_MASK %IPV4_DST_ADDR %DST_MASK %LAST_SWITCHED %FIRST_SWITCHED %OUT_BYTES %OUT_PKTS %TOTAL_BYTES_EXP %TOTAL_PKTS_EXP %TOTAL_FLOWS_EXP %DIRECTION %FRAGMENTED %NW_LATENCY_SEC %APPL_LATENCY_SEC %IN_PAYLOAD %OUT_PAYLOAD %ICMP_FLAGS %SIP_CALL_ID %SIP_CALLING_PARTY %SIP_CALLED_PARTY %SIP_RTP_CODECS %SIP_INVITE_TIME %SIP_TRYING_TIME %SIP_RINING_TIME %SIP_OK_TIME %SIP_ACK_TIME %SIP_RTP_SRC_PORT %SIP_RTP_DST_PORT %SIP_FIRST_SSRC %SIP_FIRST_TS %SIP_LAST_SSRC %SIP_LAST_TS %SIP_IN_JITTER %SIP_OUT_JITTER %SIP_IN_PKT_LOST %SIP_OUT_PKT_LOST %SIP_IN_MAX_DELTA %SIP_OUT_MAX_DELTA"

MikeR.

>
> Rosberg, Michael wrote:
>
> >Hi,
> >
> >I am using nProbe_v4 probes with Ntop and am trying to figure out how
> >to configure nProbe to export NetFlow v9 packets in an Ntop friendly
> >fashion. Spawning nProbe in v9 mode using the -V9 option (as I have
> >been doing) does cause the nProbe to send data in the v9 format, however,
> >Ntop discards most of the flow data because of what it calls "V9 Flows
> >with Unknown Templates Received".
> >
> >Any recommendations for configuring nProbe_v4 for use with Ntop? What
> >Flow templates is Ntop able to interpret?
> >
> >T.I.A.
> >
> >MikeR.
> >
> >-----------------------------------------------------------------------
> >_______________________________________________
> >Ntop mailing list
> >[email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
>
> --
> Luca Deri <[EMAIL PROTECTED]> http://luca.ntop.org/
> skype://lucaderi/
> Don't be encumbered by past history. Go off and do
> something wonderful - Robert Noyce
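
Added example, not part of the original thread and not ntop or nProbe code: a minimal decoder for the template FlowSet of a NetFlow v9 export packet (layout per RFC 3954), which lists the field types a probe's template advertises and those outside a collector's accepted set. The sample packet, the field number 0xFF01 and the accepted set are constructed for illustration; they are assumptions, not real nProbe element numbers or the list ntop 3.2 accepts.

```python
import struct

# Field type numbers defined in RFC 3954 (subset). Used here as an ASSUMED
# collector-accepted set; it is not the list ntop 3.2 actually supports.
ACCEPTED = {1: "IN_BYTES", 2: "IN_PKTS", 4: "PROTOCOL",
            8: "IPV4_SRC_ADDR", 12: "IPV4_DST_ADDR"}

def parse_templates(packet):
    """Return {template_id: [(field_type, field_length), ...]} for one v9 packet."""
    if len(packet) < 20 or struct.unpack_from("!H", packet)[0] != 9:
        raise ValueError("not a NetFlow v9 export packet")
    templates, off = {}, 20                      # 20-byte packet header
    while off + 4 <= len(packet):
        flowset_id, length = struct.unpack_from("!HH", packet, off)
        if length < 4 or off + length > len(packet):
            raise ValueError("bad FlowSet length")
        if flowset_id == 0:                      # 0 = template FlowSet
            pos, end = off + 4, off + length
            while pos + 4 <= end:
                tid, count = struct.unpack_from("!HH", packet, pos)
                pos += 4
                if tid < 256:                    # padding, not a template record
                    break
                if pos + 4 * count > end:
                    raise ValueError("template record overruns its FlowSet")
                templates[tid] = [struct.unpack_from("!HH", packet, pos + 4 * i)
                                  for i in range(count)]
                pos += 4 * count
        off += length
    return templates

def unaccepted_fields(templates, accepted):
    """Per template, the field types the collector's accepted set lacks."""
    return {tid: [ftype for ftype, _ in fields if ftype not in accepted]
            for tid, fields in templates.items()}

def build_sample():
    """Constructed packet: one template (id 260), five RFC 3954 fields plus
    0xFF01, a made-up number standing in for a probe-specific element."""
    fields = [(1, 4), (2, 4), (4, 1), (8, 4), (12, 4), (0xFF01, 4)]
    record = struct.pack("!HH", 260, len(fields))
    record += b"".join(struct.pack("!HH", t, n) for t, n in fields)
    flowset = struct.pack("!HH", 0, 4 + len(record)) + record
    header = struct.pack("!HHIIII", 9, 1, 1000, 1136073600, 1, 0)
    return header + flowset

if __name__ == "__main__":
    for tid, extra in unaccepted_fields(parse_templates(build_sample()), ACCEPTED).items():
        print(f"template {tid}: field types outside the accepted set: {extra}")
```

Run against a captured export packet from the probe, this shows which template elements to remove from the `-T` string when narrowing a template by elimination.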
